1 2AC_INIT([iptables], [1.8.11]) 3 4# See libtool.info "Libtool's versioning system" 5libxtables_vcurrent=19 6libxtables_vage=7 7 8AC_CONFIG_AUX_DIR([build-aux]) 9AC_CONFIG_HEADERS([config.h]) 10AC_CONFIG_MACRO_DIR([m4]) 11AC_PROG_INSTALL 12AM_INIT_AUTOMAKE([-Wall]) 13AC_PROG_CC 14AM_PROG_CC_C_O 15m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) 16LT_INIT([disable-static]) 17 18AC_ARG_WITH([kernel], 19 AS_HELP_STRING([--with-kernel=PATH], 20 [Path to kernel source/build directory]), 21 [kbuilddir="$withval"; ksourcedir="$withval";]) 22AC_ARG_WITH([kbuild], 23 AS_HELP_STRING([--with-kbuild=PATH], 24 [Path to kernel build directory [[/lib/modules/CURRENT/build]]]), 25 [kbuilddir="$withval"]) 26AC_ARG_WITH([ksource], 27 AS_HELP_STRING([--with-ksource=PATH], 28 [Path to kernel source directory [[/lib/modules/CURRENT/source]]]), 29 [ksourcedir="$withval"]) 30AC_ARG_WITH([xtlibdir], 31 AS_HELP_STRING([--with-xtlibdir=PATH], 32 [Path where to install Xtables extensions [[LIBEXECDIR/xtables]]]), 33 [xtlibdir="$withval"], 34 [xtlibdir="${libdir}/xtables"]) 35AC_ARG_ENABLE([ipv4], 36 AS_HELP_STRING([--disable-ipv4], [Do not build iptables]), 37 [enable_ipv4="$enableval"], [enable_ipv4="yes"]) 38AC_ARG_ENABLE([ipv6], 39 AS_HELP_STRING([--disable-ipv6], [Do not build ip6tables]), 40 [enable_ipv6="$enableval"], [enable_ipv6="yes"]) 41AC_ARG_ENABLE([largefile], 42 AS_HELP_STRING([--disable-largefile], [Do not build largefile support]), 43 [enable_largefile="$enableval"], 44 [enable_largefile="yes"]) 45AS_IF([test "$enable_largefile" = "yes"], [largefile_cppflags='-D_LARGEFILE_SOURCE=1 -D_LARGE_FILES -D_FILE_OFFSET_BITS=64']) 46 47AC_ARG_ENABLE([devel], 48 AS_HELP_STRING([--enable-devel], 49 [Install Xtables development headers]), 50 [enable_devel="$enableval"], [enable_devel="yes"]) 51AC_ARG_ENABLE([libipq], 52 AS_HELP_STRING([--enable-libipq], [Build and install libipq]), 53 [enable_libipq="$enableval"], [enable_libipq="no"]) 54AC_ARG_ENABLE([bpf-compiler], 55 AS_HELP_STRING([--enable-bpf-compiler], [Build bpf compiler]), 56 [enable_bpfc="$enableval"], [enable_bpfc="no"]) 57AC_ARG_ENABLE([nfsynproxy], 58 AS_HELP_STRING([--enable-nfsynproxy], [Build SYNPROXY configuration tool]), 59 [enable_nfsynproxy="$enableval"], [enable_nfsynproxy="no"]) 60AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH], 61 [Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]), 62 [pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig']) 63AC_ARG_ENABLE([nftables], 64 AS_HELP_STRING([--disable-nftables], [Do not build nftables compat]), 65 [enable_nftables="$enableval"], [enable_nftables="yes"]) 66AC_ARG_ENABLE([libnfnetlink], 67 AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]), 68 [enable_libnfnetlink="$enableval"], [enable_libnfnetlink="auto"]) 69AC_ARG_ENABLE([connlabel], 70 AS_HELP_STRING([--disable-connlabel], 71 [Do not build libnetfilter_conntrack]), 72 [enable_connlabel="$enableval"], [enable_connlabel="yes"]) 73AC_ARG_WITH([xt-lock-name], AS_HELP_STRING([--with-xt-lock-name=PATH], 74 [Path to the xtables lock [[/run/xtables.lock]]]), 75 [xt_lock_name="$withval"], 76 [xt_lock_name="/run/xtables.lock"]) 77AC_ARG_ENABLE([profiling], 78 AS_HELP_STRING([--enable-profiling], [build for use of gcov/gprof]), 79 [enable_profiling="$enableval"], [enable_profiling="no"]) 80 81AC_MSG_CHECKING([whether $LD knows -Wl,--no-undefined]) 82saved_LDFLAGS="$LDFLAGS"; 83LDFLAGS="-Wl,--no-undefined"; 84AC_LINK_IFELSE([AC_LANG_SOURCE([int main(void) {}])], 85 [noundef_LDFLAGS="$LDFLAGS"; AC_MSG_RESULT([yes])], 86 [AC_MSG_RESULT([no])] 87) 88LDFLAGS="$saved_LDFLAGS"; 89 90blacklist_modules="" 91blacklist_x_modules="" 92blacklist_b_modules="" 93blacklist_a_modules="" 94blacklist_4_modules="" 95blacklist_6_modules="" 96 97AC_CHECK_HEADERS([linux/dccp.h linux/ip_vs.h linux/magic.h linux/proc_fs.h linux/bpf.h]) 98if test "$ac_cv_header_linux_dccp_h" != "yes"; then 99 blacklist_modules="$blacklist_modules dccp"; 100fi; 101if test "$ac_cv_header_linux_ip_vs_h" != "yes"; then 102 blacklist_modules="$blacklist_modules ipvs"; 103fi; 104 105AC_CHECK_SIZEOF([struct ip6_hdr], [], [#include <netinet/ip6.h>]) 106 107AM_CONDITIONAL([ENABLE_STATIC], [test "$enable_static" = "yes"]) 108AM_CONDITIONAL([ENABLE_SHARED], [test "$enable_shared" = "yes"]) 109AM_CONDITIONAL([ENABLE_IPV4], [test "$enable_ipv4" = "yes"]) 110AM_CONDITIONAL([ENABLE_IPV6], [test "$enable_ipv6" = "yes"]) 111AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"]) 112AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"]) 113AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"]) 114AM_CONDITIONAL([ENABLE_BPFC], [test "$enable_bpfc" = "yes"]) 115AM_CONDITIONAL([ENABLE_SYNCONF], [test "$enable_nfsynproxy" = "yes"]) 116AM_CONDITIONAL([ENABLE_NFTABLES], [test "$enable_nftables" = "yes"]) 117AM_CONDITIONAL([ENABLE_CONNLABEL], [test "$enable_connlabel" = "yes"]) 118 119# If specified explicitly on the command line, error out when library was not found 120# Otherwise, disable and continue 121AS_IF([test "x$enable_libnfnetlink" = "xyes"], 122 [PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], 123 [nfnetlink=1])], 124 [test "x$enable_libnfnetlink" = "xauto"], 125 [PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0], 126 [nfnetlink=1], [nfnetlink=0])]) 127AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1]) 128 129if test "x$enable_bpfc" = "xyes" || test "x$enable_nfsynproxy" = "xyes"; then 130 PKG_CHECK_MODULES([libpcap], [libpcap], [], [ 131 AC_MSG_ERROR(missing libpcap library required by bpf compiler or nfsynproxy tool)]) 132fi 133 134if test "x$enable_nftables" = "xyes"; then 135 PKG_CHECK_MODULES([libmnl], [libmnl >= 1.0], [mnl=1], [mnl=0]) 136 137 if test "$mnl" = 0; 138 then 139 echo "*** Error: No suitable libmnl found. ***" 140 echo " Please install the 'libmnl' package" 141 echo " Or consider --disable-nftables to skip" 142 echo " iptables-compat over nftables support." 143 exit 1 144 fi 145 146 PKG_CHECK_MODULES([libnftnl], [libnftnl >= 1.2.6], [nftables=1], [nftables=0]) 147 148 if test "$nftables" = 0; 149 then 150 echo "*** Error: no suitable libnftnl found. ***" 151 echo " Please install the 'libnftnl' package" 152 echo " Or consider --disable-nftables to skip" 153 echo " iptables-compat over nftables support." 154 exit 1 155 fi 156fi 157 158AM_CONDITIONAL([HAVE_LIBMNL], [test "$mnl" = 1]) 159AM_CONDITIONAL([HAVE_LIBNFTNL], [test "$nftables" = 1]) 160 161if test "$nftables" != 1; then 162 blacklist_b_modules="$blacklist_b_modules limit mark nflog mangle" 163 blacklist_a_modules="$blacklist_a_modules mangle" 164fi 165 166if test "x$enable_connlabel" = "xyes"; then 167 PKG_CHECK_MODULES([libnetfilter_conntrack], 168 [libnetfilter_conntrack >= 1.0.6], 169 [nfconntrack=1], [nfconntrack=0]) 170 171 if test "$nfconntrack" -ne 1; then 172 blacklist_modules="$blacklist_modules connlabel"; 173 echo "WARNING: libnetfilter_conntrack not found, connlabel match will not be built"; 174 enable_connlabel="no"; 175 fi; 176else 177 blacklist_modules="$blacklist_modules connlabel"; 178fi; 179 180AM_CONDITIONAL([HAVE_LIBNETFILTER_CONNTRACK], [test "$nfconntrack" = 1]) 181 182AC_SUBST([blacklist_modules]) 183AC_SUBST([blacklist_x_modules]) 184AC_SUBST([blacklist_b_modules]) 185AC_SUBST([blacklist_a_modules]) 186AC_SUBST([blacklist_4_modules]) 187AC_SUBST([blacklist_6_modules]) 188 189regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \ 190 -Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \ 191 -Wlogical-op \ 192 -Winline -pipe"; 193regular_CPPFLAGS="${largefile_cppflags} -D_REENTRANT \ 194 -DXTABLES_LIBDIR=\\\"\${xtlibdir}\\\" -DXTABLES_INTERNAL"; 195kinclude_CPPFLAGS=""; 196if [[ -n "$kbuilddir" ]]; then 197 kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$kbuilddir/include/uapi -I$kbuilddir/include"; 198fi; 199if [[ -n "$ksourcedir" ]]; then 200 kinclude_CPPFLAGS="$kinclude_CPPFLAGS -I$ksourcedir/include/uapi -I$ksourcedir/include"; 201fi; 202pkgdatadir='${datadir}/xtables'; 203 204if test "x$enable_profiling" = "xyes"; then 205 regular_CFLAGS="$regular_CFLAGS -fprofile-arcs -ftest-coverage" 206 regular_LDFLAGS="$regular_LDFLAGS -lgcov --coverage" 207fi 208 209AC_MSG_CHECKING([whether the build is using musl-libc]) 210enable_musl_build="" 211 212AC_COMPILE_IFELSE( 213 [AC_LANG_PROGRAM([[#include <netinet/if_ether.h>]], 214 [[ 215 #if ! defined(__UAPI_DEF_ETHHDR) || __UAPI_DEF_ETHHDR != 0 216 #error error trying musl... 217 #endif 218 ]] 219 )], 220 [enable_musl_build="yes"],[enable_musl_build="no"] 221) 222AC_MSG_RESULT([${enable_musl_build}]) 223 224if test "x$enable_musl_build" = "xyes"; then 225 regular_CFLAGS="$regular_CFLAGS -D__UAPI_DEF_ETHHDR=0" 226fi 227 228define([EXPAND_VARIABLE], 229[$2=[$]$1 230if test $prefix = 'NONE'; then 231 prefix="/usr/local" 232fi 233while true; do 234 case "[$]$2" in 235 *\[$]* ) eval "$2=[$]$2" ;; 236 *) break ;; 237 esac 238done 239eval "$2=[$]$2" 240])dnl EXPAND_VARIABLE 241 242AC_SUBST([regular_CFLAGS]) 243AC_SUBST([regular_CPPFLAGS]) 244AC_SUBST([noundef_LDFLAGS]) 245AC_SUBST([regular_LDFLAGS]) 246AC_SUBST([kinclude_CPPFLAGS]) 247AC_SUBST([kbuilddir]) 248AC_SUBST([ksourcedir]) 249AC_SUBST([xtlibdir]) 250AC_SUBST([pkgconfigdir]) 251AC_SUBST([pkgdatadir]) 252AC_SUBST([libxtables_vcurrent]) 253AC_SUBST([libxtables_vage]) 254libxtables_vmajor=$(($libxtables_vcurrent - $libxtables_vage)); 255AC_SUBST([libxtables_vmajor]) 256 257AC_DEFINE_UNQUOTED([XT_LOCK_NAME], "${xt_lock_name}", 258 [Location of the iptables lock file]) 259AC_SUBST([XT_LOCK_NAME], "${xt_lock_name}") 260 261AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile 262 iptables/Makefile iptables/xtables.pc 263 iptables/iptables.8 iptables/iptables-extensions.8.tmpl 264 iptables/iptables-save.8 iptables/iptables-restore.8 265 iptables/iptables-apply.8 iptables/iptables-xml.1 266 libipq/Makefile libipq/libipq.pc 267 libiptc/Makefile libiptc/libiptc.pc 268 libiptc/libip4tc.pc libiptc/libip6tc.pc 269 libxtables/Makefile utils/Makefile 270 include/xtables-version.h 271 iptables/xtables-monitor.8 272 utils/nfnl_osf.8 273 utils/nfbpf_compile.8]) 274AC_OUTPUT 275 276 277EXPAND_VARIABLE(xtlibdir, e_xtlibdir) 278EXPAND_VARIABLE(pkgconfigdir, e_pkgconfigdir) 279 280echo " 281Iptables Configuration: 282 IPv4 support: ${enable_ipv4} 283 IPv6 support: ${enable_ipv6} 284 Devel support: ${enable_devel} 285 IPQ support: ${enable_libipq} 286 Large file support: ${enable_largefile} 287 BPF utils support: ${enable_bpfc} 288 nfsynproxy util support: ${enable_nfsynproxy} 289 nftables support: ${enable_nftables} 290 connlabel support: ${enable_connlabel} 291 profiling support: ${enable_profiling} 292 293Build parameters: 294 Put plugins into executable (static): ${enable_static} 295 Support plugins via dlopen (shared): ${enable_shared} 296 Installation prefix (--prefix): ${prefix} 297 Xtables extension directory: ${e_xtlibdir} 298 Pkg-config directory: ${e_pkgconfigdir} 299 Xtables lock file: ${xt_lock_name} 300 Build against musl-libc: ${enable_musl_build}" 301 302if [[ -n "$ksourcedir" ]]; then 303 echo " Kernel source directory: ${ksourcedir}" 304fi; 305if [[ -n "$kbuilddir" ]]; then 306 echo " Kernel build directory: ${kbuilddir}" 307fi; 308 309echo " Host: ${host} 310 GCC binary: ${CC}" 311 312test x"$blacklist_modules" = "x" || echo " 313Iptables modules that will not be built: $blacklist_modules" 314